Presentation is loading. Please wait.

Presentation is loading. Please wait.

Some basics of a AAA Control model

Published byMartina Anderson Modified over 6 years ago

Similar presentations

Presentation on theme: "Some basics of a AAA Control model"— Presentation transcript:

1 Some basics of a AAA Control model
John Vollbrecht Merit Network March 30, 2000 Adelaide ietf

2 AAA Elements and relationships
Authentication Server user Authorization Server Application Simple model – single domain/kingdom

3 Certificate/Token Sequence
1 Authentication Server 2 User agent Authorization Server 3 Application 1- get authentication token 2 – get authorization token 3- initiate application

4 Net Access Sequence an example
Authentication Server 3 4 Authorization Server User Agent 2 5 1 Edge Device 6 1 –request service/ with userinfo 2 – forward request with userinfo 3 – forward request with userinfo 4 – return authentication token 5 – return authorization token return session start

5 Bandwidth Broker an example
1 Authentication Server 2 3 User agent Authorization Server 4 6 5 Bandwidth Broker 1,2 – get authentication token request QoS Bandwidth authorized QoS request 5 – Session start – forward Session start

6 Some issues Which party controls the request sequence
Security requirements between parties in different sequences Possible onetime authorization or authentication Complexity of issues as multiple organizations get involved in Authentication or Authorization or resource/application provisioning

7 Some Goals One goal is a descriptive model that provides a basis for understanding what is common and what is unique between application domains Attempt to support Policy descriptions of sequences of AAA actions for specific application domains Provide a way to evaluate policy from multiple organizations for a specific request.

Download ppt "Some basics of a AAA Control model"

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000.

Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000.
NSI wg Architecture Elements John Vollbrecht Internet2.

NSI wg Architecture Elements John Vollbrecht Internet2.
Research on Networks Report on session on Grids & access Klaas Wierenga SURFnet Middleware Services Utrecht, 29 April 2004.

Research on Networks Report on session on Grids & access Klaas Wierenga SURFnet Middleware Services Utrecht, 29 April 2004.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Fast and Secure Universal Roaming Service for Mobile Internet Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen.

Fast and Secure Universal Roaming Service for Mobile Internet Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Token Based Authorization of GMPLS Networks By: Leon Gommans, Paola Grosso, Fred Wan, Cees de Laat, Marten Hoekstra, Li Xu University of Amsterdam By:

Token Based Authorization of GMPLS Networks By: Leon Gommans, Paola Grosso, Fred Wan, Cees de Laat, Marten Hoekstra, Li Xu University of Amsterdam By:
Authentication & Kerberos

Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.

Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.
Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV 16-22 Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.

Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.
Generic AAA based provisioning Of Network Elements Status update EVL 9/10/03 Leon Gommans University of Amsterdam.

Generic AAA based provisioning Of Network Elements Status update EVL 9/10/03 Leon Gommans University of Amsterdam.
Some Thoughts on Data Representation 47th IETF AAAarch Research Group David Spence Merit Network, Inc.

Some Thoughts on Data Representation 47th IETF AAAarch Research Group David Spence Merit Network, Inc.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
AAA-ARCH IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions.

AAA-ARCH IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions.
Accounting, Auditing and Session IDs Nevil Brownlee The University of Auckland / CAIDA Adelaide, March 2000.

Accounting, Auditing and Session IDs Nevil Brownlee The University of Auckland / CAIDA Adelaide, March 2000.
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.phys.uu.nl/~wwwfi/aaaarch RFC 2903,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903,
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Similar presentations

Ads by Google